Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 SQL Server 2000 Forums
 SQL Server Development (2000)
 whats wrong with this?

Author  Topic 

kevinxyx
Starting Member

11 Posts

Posted - 2011-08-12 : 11:12:25
Unterminated string constant
/payroll/Validation.asp, line 95, column 89
sql = "UPDATE ManHrs SET DaysWork = " & rs5("DaysWork") & ", Record = " & rs5("Record")"'

tkizer
Almighty SQL Goddess

38200 Posts

Posted - 2011-08-12 : 11:45:20
quote:

whats wrong with this?



Well most importantly, your code is vulnerable to SQL injection. You should not be concatenating your SQL queries. Instead use parameterized queries or better yet stored procedures.

To answer your question though, it looks like you don't have the right number of double quotes. For the ending one, you've got a double quote and a single quote. And it appears you need two double quotes instead.

Tara Kizer
Microsoft MVP for Windows Server System - SQL Server
http://weblogs.sqlteam.com/tarad/

Subscribe to my blog
Go to Top of Page
   

- Advertisement -